ReliabilityFirst > Compliance > Auditing Support

Auditing Support

Resources and Support for Compliance and Preparedness

This page provides helpful resources and support to prepare for an audit and stay in compliance with NERC standards for both Critical Infrastructure Protection (CIP) and Operations and Planning (O&P). The resources found here can also be found in the Resource Center.

Resource Center RF Engagement Timeline

Operations & Planning (O&P)

The items below are provided as resources for compliance monitoring engagements for Operations & Planning and implementation of the Operations & Planning standards. Reach out to the compliance department using the Contact Us form if you have any questions.

 

Attachment Cs

Attachment C documents are an important reference point for entities that are preparing to be audited. See here for a list of all Attachment Cs.

 

Help with O&P Standards

 

Other Helpful O&P Resources

Critical Infrastructure Protection

The items below are provided as resources for compliance monitoring engagements for Critical Infrastructure Protection (CIP) and implementation of the Critical Infrastructure Protection (CIP) standards. Reach out to the compliance department using the Contact Us form if you have any questions.

 

CIP Evidence Request Tool

The CIP Evidence Request Tool (ERT) is the ERO-wide format for requests for information. Its intent is to increase consistency and transparency while providing an understanding of the evidence that CIP audits require. When getting started, ReliabilityFirst will send a CIP audit notification package that includes a spreadsheet for the CIP Evidence Request Tool and a User’s Guide for completing the spreadsheet. These documents can also be downloaded below.

ERT Files Provided in CIP Audit Notification Package

 

CIP Technical Feasibility Exception (TFE)

Technical Feasibility Exceptions are currently available for twelve of the CIP requirements:

  • CIP-005-5, Requirement R1, Part 1.4;
  • CIP-005-5, Requirement R2, Parts 2.1, 2.2, and 2.3;
  • CIP-006-6, Requirement R1, Part 1.3;
  • CIP-007-6, Requirement R1, Part 1.1;
  • CIP-007-6, Requirement R4, Part 4.3;
  • CIP-007-6, Requirement R5, Parts 5.1, 5.6, and 5.7;
  • CIP-010-2, Requirement R1, Part 1.5; and
  • CIP-010-2, Requirement R3, Part 3.2.

When entering a TFE for the CIP Version 5 Standards, an entity has the option to enter BES Cyber Assets (BCAs) or a BES Cyber System (BCS) that has a number of TFE eligible BCAs associated with it. A Protected Cyber Asset (PCA), Electronic Access Control or Monitoring System (EACM), or Physical Access Control System (PACS) Covered Asset should be entered individually since they cannot be part of a BCS.

Align is used by the registered entity to submit requests for TFEs to ReliabilityFirst.

If you have any questions regarding the CIP Standards or the TFE process, feel free to Contact Us reaching out to our Compliance or Entity Engagement departments.

 

TFE Documents 

 

Other Helpful CIP Resources

These files provide additional help and support for CIP Compliance.

Explore related pages

Standards
Compliance Monitoring Methods
Periodic Data Submittal
Submit a Complaint